Hiding password for FTP in a script

Hi,

I have a simple script to ftp from unix to a mainframe to get and put files. Currently I have the password set up in a VARS file and dereference the var in my script. Doing it this way allows me to change the password in only one place but it is still viewable for many people. Is there any other way to hide the password for the ftp command?

Thank you!

These could be understood by anyone capable of reading the execution script - they would see the way you determine the true password.

> echo $var3
3jklomnepq
> pwd=$(echo $var3 | cut -c2,5,8)
> echo $pwd
joe

And there are ways to build upon something like this - to take that first digit and understand it as the offset. I sort of did that here with the first digit being 3 and then taking character 2, then character 5 (2+3), then character 8 (5+3). I just forced the math rather than adding a couple commands to have the cut know what positions to cut.

Hi Joey,

Thanks for the reply. In your example people will still be able to go to the VARS file and see the password. Are there any FTP specific param files that the password could be put in that would make it harder to find? In my internet search I saw some code use $PASSWORD$ but it was not explained.

Thanks again!

Is sftp an option? If you use sftp you can just exchange keys and never have to worry about the password being viewable...

Hi sethcoop,

I do believe that sftp is available. How would I assign the keys?

Thank you

Generate your keys with the command "ssh-keygen".. take all default values... you will see the following and it will create two files for you... the public and private keys...

sethcoop@burn:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sethcoop/.ssh/id_rsa):
Created directory '/home/sethcoop/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sethcoop/.ssh/id_rsa.
Your public key has been saved in /home/sethcoop/.ssh/id_rsa.pub.
The key fingerprint is:
3c:58:48:6b:9e:9c:c3:72:1b:8f:a9:f8:a5:c4:31:29 sethcoop@burn
sethcoop@burn:~$ cd .ssh
sethcoop@burn:~/.ssh$ ls -al
total 16
drwx------ 2 sethcoop sethcoop 4096 2008-10-24 12:16 .
drwxr-xr-x 3 sethcoop sethcoop 4096 2008-10-24 12:15 ..
-rw------- 1 sethcoop sethcoop 1671 2008-10-24 12:16 id_rsa
-rw-r--r-- 1 sethcoop sethcoop  411 2008-10-24 12:16 id_rsa.pub
sethcoop@burn:~/.ssh$

now you can take the contents of the id_rsa.pub file and add it to the /home/userid/.ssh/authorized_keys file on the remote server.

Watch out for your permissions because they have to be correct.. ie (your home directory can only be user writable, the .ssh directory should have 700 permissions and the authorized_keys file should have 600 permissions).

when you have the public key shared then you can type in

$ sftp userid@remotehost

and it will log you in...

hope this works... let us know if you have any troubles.
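
The permission rules from the post above, written as a check to run on the remote server before testing the sftp login. This is an added example, not part of the original thread; the function names `check_ssh_perms` and `perm_of` are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the permissions described above for key-based sftp.
# check_ssh_perms and perm_of are hypothetical helper names.
# Usage: check_ssh_perms "$HOME"   (run on the remote server as the login user)

# Print a path's octal permission bits (GNU stat first, then BSD stat).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Returns 0 when every check passes, 1 otherwise; prints one line per check.
check_ssh_perms() {
    home=$1
    rc=0

    # All three paths must exist before their modes can be compared.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "FAIL missing: $p"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    # Home directory: no write bit for group or other (octal mask 022).
    mode=$(perm_of "$home")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $home is $mode (group/other writable)"
        rc=1
    else
        echo "OK   $home is $mode"
    fi

    # .ssh must be exactly 700 and authorized_keys exactly 600.
    for pair in ".ssh:700" ".ssh/authorized_keys:600"; do
        p=$home/${pair%%:*}
        want=${pair##*:}
        mode=$(perm_of "$p")
        if [ "$mode" = "$want" ]; then
            echo "OK   $p is $mode"
        else
            echo "FAIL $p is $mode, expected $want"
            rc=1
        fi
    done
    return "$rc"
}
```

A FAIL line names the path to fix with chmod; the function's exit status lets a transfer script stop before attempting the login.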

I just found out that we do not have SFTP on the mainframe systems I need to go to.

Thanks for your help.